asyncrat | 9c722efda237af4e856b06657c20ad677d6c75ea33a033e28fa3f522039b5eae | Triage

Sharing

General

Target

SheetRat 2.6.rar
Size

33.3MB
Sample

240722-rxwkgasdne
MD5

b9dd02437fd962a0b233e21b04bfcc5c
SHA1

02be658c5e17858b6e0d971f98e19f4dae5a7028
SHA256

9c722efda237af4e856b06657c20ad677d6c75ea33a033e28fa3f522039b5eae
SHA512

205b2df67b5e361386ac000cc84af25b4209cc8756e0d206229e111200f5f511efa8351d6a56934099754c524f2f55783c923a84c55817e0844cd6d6e8c5c29a
SSDEEP

786432:oIISITJFqDYrajwvTW7tAAwbuTGN2xxP7a9hJl6L6jJXEl:oIISItFqEajCW56N2xxP7a9EKlO

Score

10^/10

asyncrat xmrig miner persistence privilege_escalation pyinstaller rat

Malware Config

Targets

- Target
  
  SheetRat/Server-cleaned.exe
- Size
  
  1.3MB
- MD5
  
  c1862c57cf6b6c302f71ef986950328f
- SHA1
  
  2b5df84beb75f758e2b50f9d8c1d73cc59bf9936
- SHA256
  
  f90bcd094d81b324edfa8413b4ae9a6a51a38058520b2572151a91205e9b788f
- SHA512
  
  de5cd2be9933e317d48b2b8556a260a5427ca88e8653975951d9d6364cebea91e3cc500a724a7d38c314d449c84ba9cb12988f3d2425905e149f1a095f90ef2d
- SSDEEP
  
  24576:YLysNT+f7momlEkmmsEnE7E7E7EUmemmmmmmIzme4jwnaKEmbToQ2:Y2sNTI7momSkmmtEQQQUmemmmmmmIzm/
Score

10^/10

persistence privilege_escalation
- Modifies WinLogon for persistence
  persistence
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  SheetRat/Stub/Client.exe
- Size
  
  47KB
- MD5
  
  a0e04bf9b43f0b442bd3193f06dc52b5
- SHA1
  
  30bb0c17640c414d948ed3e2fdf571b98f125efb
- SHA256
  
  71824238c3baec179911bd6e4655ebff234e15d0f14248077e2c388ef4337009
- SHA512
  
  d7015f5c8223ba0f4e3b478185fa3e4de0831aee949302185fdc8b3afe59105fe096a3e5ee23219a1c16dfcbc77d169a82774ecd727ef98bdb94a878583a2ae2
- SSDEEP
  
  768:+nqRz+Q9CF6abcLPbUG9bOplP7ZXdEEyb:B9g6asD79bOHLDu
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

AppInit DLLs

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

AppInit DLLs

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

ratpyinstallerminerasyncratxmrig

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation

behavioral3

behavioral4